Upload
duy-dang-pham
View
217
Download
0
Embed Size (px)
DESCRIPTION
Citation preview
Information Availability as Driver of Information Security Investments: A Systematic Review Approach
Duy P.T. Dang & Mathews Z. Nkhoma
The problems
Making investment decisions for information security is difficult:
–Too much uncertainty / asymmetric information
–What are the values of information security investments?
–How to measure ROI?
Low information security investments
Firms are at risks against cyber-threats
The current solutions
Encourage information
sharing
Reduce asymmetric information
Improve awareness
about information
security
Improve investment in information
security
Does Information only has indirect driving relationship
with Information security investments through the
increase of Awareness?
Research questions
•RQ1: What have been done to investigate their
driving function since 2007?
•RQ2: Can information availability (internal and
external) drive information security investments?
Information Availability’s role in investment is
emphasised
Research methodology
• Systematic Literature Review–Contemporary literature review method–Covers detailed information during the LR process that is
identifiable and reproducible for future research
• Consists of two parts:–Descriptive analysis:
Provides the big picture of the literature’s themeDescriptive statistics to identify the trends over periods of time
–Thematic analysis:How to reproduce the LR processIdentify the themes and analyse the collected data to come up
with organised findings
Research findings (1) – Descriptive Analysis
RQ1: What have been done to investigate IA driving function
since 2007?
Research findings (1) – Descriptive Analysis
Research findings (2) – Thematic Analysis
RQ2: Can information availability (internal and external) drive
information security investments?
• Few confirmatory studies indicate that information can directly drive
information security investments; despite
–The exploratory literature suggests information availability can
contribute to evaluation of needs to invest in information security
–Focuses much on development of new tools and methods to
evaluate information security investments
Synthesis and the way forward
•We encourage future research to focus on
investigating the driving function of Information
Availability to information security investments
•We are also conducting an ongoing research on
this topic by surveying 500+ IT decision-makers
in Vietnam
Synthesis and the way forward
Q&A
•Duy Dang
–http://rmit.academia.edu/duydang
•Dr. Mathews Nkhoma
–http://rmit-vn.academia.edu/MATHEWSNKHOMA